I am building an iOS application that allows user to signup and login to the enterprise system. Let's name it MyAuthApp which will be used as an authentication app for other (CallingApp) applications within the organisation.
Brief requirements are such:
- Event triggered in CallingApp (eg. user taps on button "login using MyAuthApp")
- MyAuthApp opens automatically, giving user login options
- User provides credentials in MyAuthApp
- Upon successful authentication in MyAuthApp, a callback is returned to CallingApp with the auth token
- CallingApp becomes active and with a valid token, user is able to use CallingApp as needed.
I tried using x-callback-url (https://x-callback-url.com/implementation/) and followed this example (https://github.com/palash89/InterAppCommunication).
MyAuthApp's scheme is registered in CallingApp's info.plist file and vice versa.
MyAuthApp is launched upon event triggered in CallingApp.
let urlStr = "myAuthApp://x-callback-url/auth?x-success=sourceapp://x-callback-url/authSuccess&x-source=callingApp&x-error=sourceapp://x-callback-url/authError"
if let url = URL.init(string: urlStr), UIApplication.shared.canOpenURL(url) {
UIApplication.shared.open(url)
}
Upon receiving auth data, Calling App is launched with token as parameter.
let urlStr = "callingApp://x-callback-url/authSuccess?x-source=myAuthApp&token=\(token)"
if let url = URL.init(string: urlStr), UIApplication.shared.canOpenURL(url)){
UIApplication.shared.open(url)
}
Problem here is, MyAuthApp needs to register CallingApp's scheme in info.plist. This means, every time a new app starts supporting MyAuthApp, MyAuthApp's info.plist needs to be changed.
Is there a way to avoid this dependency? MyAuthApp should not be aware of CallingApp's identity and should ideally return the token by using a callback instead of launching the CallingApp.
